VPN get disconnected when LTE interface is UP

jerrt2003 · October 26, 2023, 7:00pm

I got this weird problem which I can’t figure out the reason behind it:
My current setup is a single WAN and I also setup a L2TP VPN which is dedicated for a VLAN traffic.
I recently got a T-mobile hotspot which I’d like to use a failover when main WAN is down (connected via USB tethering)
But whenever I enable the LTE interface, I found the VPN will get disconnected. But once LTE disabled, the VPN went back to normal.
I suspect it should be a configuration issue but I’m not sure where I get it wrong.
Any suggestion or direction will be much more appreciated

tangent · October 26, 2023, 7:16pm

I approved this post for the purposes of discussion, but I don’t see how any of this is RouterOS’s fault, in the sense that a configuration change could fix it. I feel safe inferring that the VPN is terminated on a RouterOS box, but the change is happening on the client side. Doesn’t that lay the problem at the feet of the client OS and its VPN configuration?

It would be different if you were using an MT router with an LTE interface such as the hAP ax lite LTE6, but you aren’t, so what’s the RouterOS-specific application here?

pe1chl · October 26, 2023, 7:33pm

Well of course in the typical setup where the normal WAN and the LTE both get their IP and default gateway using some dynamic mechanism (like PPPoE or DHCP) it can easily happen that adding another uplink kills the first one.
You need to configure the routing in such a way that the different “default gateway” entries either get a different metric or end up in a different routing table, and then additionally configure some form of “routing rule” to direct the packets out to the correct uplink.

tangent · October 26, 2023, 8:27pm

Right, but my point is, you’d do that on the client OS, either under the VPN tech in question (e.g. third-party client for WireGuard, OpenSSL, the proprietary IPsec flavor your IT masters favor…) or under the OS if you’re using its built-in VPN tech.

Contrast RouterOS WAN failover…

Amm0 · October 26, 2023, 8:52pm

Maybe the TTL goes up when the the VPN is up and T-Mobile is dropping, as T-Mobile historically used the hop-count to detect “sharing”, see:

https://help.mikrotik.com/docs/display/ROS/LTE#LTE-Avoidingtetheringspeedthrottling

http://forum.mikrotik.com/t/mikrotik-lhg-lte-and-t-mobile-sim-very-slow-internet/162661/1